Client-side software, such as a web browser, uses some commonly agreed upon procedures to determine whether identifiers for any two servers, or network devices, are in the same network community called a domain (single domain). If they are not in the same domain, the two network devices are said to be in different domains (multiple domains).
For security purposes, servers which provide WWW (world wide web) content often require users to complete an authentication procedure before being provided access to a particular resource. After completion of such an authentication, the server sends the user's web browser one or more “cookies” which the browser then stores in a “cookie jar” for the particular domain. At a later time, if the user attempts to access the particular domain again, the web browser automatically forwards the cookies stored in the domain's cookie jar, and the server recognizes these cookies and does not require the user to re-authenticate. These cookies provide a pre-validated, sometimes time-limited ticket to access one or more protected web sites in a domain.
It is frequently the case that an organization or a group of participating organizations might provide service to users through multiple different domains, each of which have their respective authentication procedure which must be completed by a user. Disadvantageously, a user who completes the authentication procedure for a first domain who later visits a second of the multiple domains will need to complete a subsequent authentication procedure, and this is inconvenient to the user. It would be desirable to allow a user to authenticate within one domain, and then not need to re-authenticate in other related domains.
More generally, it may be desirable to communicate user-specific information, for example personal data and/or purchase enabling information pertaining to a user from one server to another. Communicating such information through direct server-to-server communications may be in violation of some countries' privacy laws. For example, sending credit card information, street address, telephone number, social security number, bank details, personal health information, taxation data, criminal records etc. from one server to another server directly without user consent may be a violation of privacy laws. Another approach is to send multiple secured emails to different sites with registration information. The information is sent in a non-validated one-way communication.
In the conventional use of a browser as master, data is acquired from a server. The browser may also “post” data to a server, e.g. when a user fills out a form, after which the browser delivers data to the server which provided the form. This does not provide a convenient way to transfer data between servers.